manualshive.com logo in svg

H3C S3600V2 SERIES, Layer 2-Lan Switching Configuration Manual

The H3C S3600V2 Series is a high-performance Layer 2 LAN switching device, offering seamless connectivity and advanced features. For detailed configuration instructions, download the free manual from our website. Access the Layer 2 LAN Switching Configuration Manual to optimize the functionality of your S3600V2 Series device.

Share
Download
background image

 

59 

Configuring port isolation 

Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can 

also use this feature to isolate the hosts in a VLAN from one another. 
To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated 
ports." One isolated port cannot forward Layer 2 traffic to any other isolated port on the same switch, 

even if they are in the same VLAN. An isolated port can communicate with any port outside the isolation 

group if they are in the same VLAN.  
The switch series supports only one isolation group "isolation group 1." The isolation group is 

automatically created and cannot be deleted. There is no limit on the number of member ports. 

Assigning a port to the isolation group 

 

Step Command 

Remarks 

1.

 

Enter system view. 

system-view 

N/A 

2.

 

Enter interface view or port 
group view. 

 

Enter Ethernet interface view: 

interface 

interface-type 

interface-number

 

 

Enter Layer 2 aggregate 

interface view: 

interface bridge-aggregation 

interface-number

 

 

Enter port group view: 

port-group manual 

port-group-name

 

Use one of the commands. 

 

In Ethernet interface view, the 

subsequent configurations 
apply to the current port. 

 

In Layer 2 aggregate interface 

view, the subsequent 
configurations apply to the 

Layer 2 aggregate interface 

and all its member ports.  

 

In port group view, the 

subsequent configurations 

apply to all ports in the port 
group. 

3.

 

Assign the port or ports to the 

isolation group as an isolated 

port or ports. 

port-isolate enable 

No ports are added to the isolation 
group by default.  

 

Displaying and maintaining the isolation group 

 

Task Command 

Remarks 

Display isolation group 
information. 

display port-isolate group

 [ 

|

 { 

begin

 | 

exclude

 | 

include

 } 

regular-expression

 ] 

Available in any view 

 

Summary of Contents for S3600V2 SERIES

Page 1: ...H3C S3600V2 Switch Series Layer 2 LAN Switching Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 2108 Document version 6W100 20131130...

Page 2: ...ne SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective...

Page 3: ...rk packets through the public network and modify VLAN tags for packets This preface includes Audience Added and modified features Conventions About the H3C S3600V2 documentation set Obtaining document...

Page 4: ...VLAN mapping N A LLDP Modified feature For the LLDP compatible CDP features the Addresses Capabilities Software Version Platform Duplex MTU and System Name fields were added to the CDP packets sent by...

Page 5: ...ample pop up the New User window Multi level menus are separated by forward slashes For example File Create Folder Symbols Convention Description WARNING An alert that calls attention to important inf...

Page 6: ...nd replacement of RPSs H3C Low End Series Ethernet Switches Pluggable Modules Manual Describes the specifications of pluggable transceiver modules Pluggable SFP SFP XFP Transceiver Modules Installatio...

Page 7: ...tions Technical Support Documents Software Download Provides the documentation released with the software version Technical support service h3c com http www h3c com Documentation feedback You can e ma...

Page 8: ...hernet interface 14 Testing the cable connection of an Ethernet interface 14 Configuring storm control on an Ethernet interface 15 Setting the MTU for a Layer 3 Ethernet interface 16 Displaying and ma...

Page 9: ...thernet link aggregation configuration task list 40 Configuring an aggregation group 40 Configuration guidelines 41 Configuring a static aggregation group 41 Configuring a dynamic aggregation group 42...

Page 10: ...ice as a secondary root bridge of a specific spanning tree 81 Configuring the device priority 81 Configuring the maximum hops of an MST region 81 Configuring the network diameter of a switched network...

Page 11: ...102 PVST configuration example 106 Configuring BPDU tunneling 110 Overview 110 Background 110 BPDU tunneling implementation 111 Enabling BPDU tunneling 112 Configuration prerequisites 112 Configuratio...

Page 12: ...Network requirements 152 Configuration procedure 152 Verifying the configuration 153 Configuring a voice VLAN 155 Overview 155 Methods of identifying IP phones 155 OUI addresses 155 Automatically ide...

Page 13: ...d and benefits 182 How QinQ works 182 QinQ frame structure 183 Implementations of QinQ 184 Protocols and standards 184 QinQ configuration task list 184 Configuring basic QinQ 185 Enabling basic QinQ 1...

Page 14: ...Configuring LLDP 225 Overview 225 Background 225 Basic concepts 225 How LLDP works 229 Protocols and standards 230 LLDP configuration task list 230 Performing basic LLDP configuration 230 Enabling LL...

Page 15: ...iguration prerequisites 250 Enabling MVRP 250 Configuration restrictions and guidelines 250 Configuration procedure 251 Configuring the MVRP registration mode 251 Configuring MRP timers 252 Enabling G...

Page 16: ...work simultaneously When you enable either port the other port is automatically disabled The fiber combo port and the copper combo port share one interface view in which you can activate the fiber or...

Page 17: ...r 2 Ethernet interface you can also set speed options for auto negotiation The two ends can select a speed only from the available options For more information see Setting speed options for auto negot...

Page 18: ...ter port group view port group manual port group name Use any command To shut down an Ethernet interface enter Ethernet interface To shut down all Ethernet interfaces in a port group enter port group...

Page 19: ...ble flow control Enable TxRx flow control flow control Enable Rx flow control flow control receive enable Use either command By default Rx flow control is disabled on an Ethernet interface Configuring...

Page 20: ...m view N A 2 Enter Ethernet interface view interface interface type interface number N A 3 Set a link up event suppression interval link delay delay time mode up Link up event suppression is disabled...

Page 21: ...or route To change the link mode of an Ethernet interface Step Command Remarks 1 Enter system view system view N A 2 Change the link mode of Ethernet interfaces In system view port link mode bridge r...

Page 22: ...rfaces An interface enters the power save mode if it has not received any packet for a certain period of time this interval depends on the specifications of the chip and is not configurable When a pac...

Page 23: ...ur switch might use the same set of settings To configure these interfaces in bulk rather than one by one you can assign them to a port group You create port groups manually All settings made for a po...

Page 24: ...in Figure 2 all ports on Switch A are operating in speed auto negotiation mode with the highest speed of 1000 Mbps If the transmission rate of each server in the server cluster is 1000 Mbps their tota...

Page 25: ...Enter Ethernet interface view or port group view Enter Ethernet interface view interface interface type interface number Enter port group view port group manual port group name Use either command To c...

Page 26: ...You can use this feature to detect whether a loop has occurred Depending on whether the receiving interface is the same as the sending interface loops fall into the following type Single port loop Occ...

Page 27: ...face Configuration restrictions and guidelines To use loopback detection on an Ethernet interface you must enable the function both globally and on the interface When the multi port loopback detection...

Page 28: ...a looped interface drops the incoming packets and correctly sends packets the system generates traps and log messages and deletes all MAC address entries of the looped interface With the shutdown keyw...

Page 29: ...across auto normal Optional By default a copper Ethernet interface operates in auto mode to negotiate pin roles with its peer Enabling bridging on an Ethernet interface When an incoming packet arrive...

Page 30: ...s the traffic When the blocked traffic drops below the lower threshold the port begins to forward the traffic Shuts down automatically The interface shuts down automatically and stops forwarding any t...

Page 31: ...torm constrain enable trap Optional By default the interface sends traps when monitored traffic exceeds the upper threshold or drops below the lower threshold from the upper threshold 7 Enable the int...

Page 32: ...de regular expression Available in any view Display summary information about discarded packets on all interfaces display packet drop summary begin exclude include regular expression Available in any...

Page 33: ...ice identifications When you configure a rule on an authentication or security server to permit or deny packets generated by a device you can simplify the rule by configuring it to permit or deny pack...

Page 34: ...null interface provides a simpler way to filter packets than ACL You can filter uninteresting traffic by transmitting it to a null interface instead of applying an ACL For example by executing the ip...

Page 35: ...ble in any view Display information about the null interface display interface null brief down begin exclude include regular expression display interface null 0 brief begin exclude include regular exp...

Page 36: ...ome commands after being executed on both an aggregate interface and its member interfaces can break up the aggregation No limit is set on the maximum number of interfaces in an interface range The mo...

Page 37: ...of all but the incoming port To view MAC address table information use the display mac address command as follows Sysname display mac address MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 000f e201 0...

Page 38: ...specific user for security concerns you can configure the MAC address of this user as a blackhole MAC address entry A static or blackhole MAC address entry can overwrite a dynamic MAC address entry b...

Page 39: ...or modify a static or dynamic MAC address entry mac address dynamic static mac address vlan vlan id By default no MAC address entry is configured Make sure that you have created the VLAN and assigned...

Page 40: ...hich might affect device performance To configure the aging timer for dynamic MAC address entries Step Command Remarks 1 Enter system view system view N A 2 Configure the aging timer for dynamic MAC a...

Page 41: ...AC address is sent within the cluster The switch then adds the virtual MAC address to its MAC address table and packets destined for the server use the virtual MAC address although not used by the ser...

Page 42: ...ot configure the MAC learning limit on any member ports of an aggregation group Otherwise the member ports cannot be selected Enabling MAC address roaming After you enable MAC address roaming on an IR...

Page 43: ...time and migration times in the last one minute MAC address migration refers to this process a device learns a MAC address from an interface Port A for example and the device later learns the MAC addr...

Page 44: ...system or interface MAC address learning state display mac address mac learning interface type interface number begin exclude include regular expression Available in any view Display MAC address stati...

Page 45: ...ng 500 Display the MAC address entry for port Ethernet 1 0 1 Sysname display mac address interface ethernet 1 0 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 000f e235 dc71 1 Config static Ethernet...

Page 46: ...rap messages to the monitor end The device writes information and sends messages only for the following MAC addresses automatically learned source MAC addresses MAC addresses that pass MAC authenticat...

Page 47: ...Remarks 1 Enter system view system view N A 2 Set the interval for sending Syslog or trap messages mac address information interval interval time Optional One second by default Configuring the MAC In...

Page 48: ...to Host B see Network Management and Monitoring Configuration Guide 2 Enable MAC Information Enable MAC Information on Device Device system view Device mac address information enable Configure MAC In...

Page 49: ...gregate interface To an upper layer entity that uses the link aggregation service a link aggregation group appears to be a single logical link and data traffic is transmitted through the aggregate int...

Page 50: ...er VLAN priority mappings inner to outer VLAN tag mappings inner VLAN ID substitution mappings VLAN Permitted VLANs PVID link type trunk hybrid or access IP subnet based VLAN configuration protocol ba...

Page 51: ...tion Guide 2 LACP priorities LACP priorities have the following types system LACP priority and port aggregation priority Table 4 LACP priorities Type Description Remarks System LACP priority Used by t...

Page 52: ...gregation group You must manually maintain the aggregation state of the member ports The static link aggregation process comprises Selecting a reference port Setting the aggregation state of each memb...

Page 53: ...with the lower MAC address wins 2 The system with the smaller system ID selects the port with the smallest port ID as the reference port A port ID comprises a port aggregation priority and a port num...

Page 54: ...s exist in the group When the aggregation state of a member port changes the aggregation state of its peer port also changes After the Selected port limit has been reached a port assigned to the dynam...

Page 55: ...a device reboot can cause the aggregation state of member ports to change Ethernet link aggregation configuration task list Task Remarks Configuring an aggregation group Configuring a static aggregati...

Page 56: ...nterface type Reference Interfaces configured with IP addresses IP addressing in Layer 3 IP Services Configuration Guide Interfaces configured as DHCP BOOTP clients DHCP in Layer 3 IP Services Configu...

Page 57: ...on interface number When you create a Layer 3 aggregate interface the system automatically creates a Layer 3 static aggregation group numbered the same 3 Exit to system view quit N A 4 Assign an Ether...

Page 58: ...ic aggregation mode 5 Exit to system view quit N A 6 Assign an Ethernet interface to the aggregation group a Enter Layer 2 Ethernet interface view interface interface type interface number b Assign th...

Page 59: ...ernet interface to the aggregation group port link aggregation group number Repeat these two sub steps to assign more Layer 3 Ethernet interfaces to the aggregation group 7 Assign the port an aggregat...

Page 60: ...the MTU of a Layer 3 aggregate interface Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 3 aggregate interface view interface route aggregation interface number N A 3 Configure...

Page 61: ...te and the link of the aggregate interface goes up After you manually configure the maximum number of Selected ports in an aggregation group the configured value applies You can configure redundancy b...

Page 62: ...gregation state and link state of ports in the corresponding aggregation group in the following ways When an aggregate interface is shut down all Selected ports in the corresponding aggregation group...

Page 63: ...configure global or group specific load sharing criteria A link aggregation group preferentially uses the group specific load sharing criteria If no group specific load sharing criteria are available...

Page 64: ...ult load sharing criteria are the same as the global load sharing criteria In Layer 2 aggregate interface view the switch supports the following load sharing criteria and combinations Load sharing cri...

Page 65: ...ss device link aggregation group Link aggregation traffic redirection prevents traffic interruption when you reboot a IRF member switch that contains link aggregation member ports For more information...

Page 66: ...ble in any view Display the global or group specific link aggregation load sharing criteria display link aggregation load sharing mode interface bridge aggregation route aggregation interface number b...

Page 67: ...Ethernet interfaces Ethernet 1 0 1 through Ethernet 1 0 3 Configure a Layer 2 static aggregation group on both Device A and Device B Enable VLAN 10 at one end of the aggregate link to communicate wit...

Page 68: ...A Bridge Aggregation1 quit Configure Device A to use the source and destination MAC addresses of packets as the global link aggregation load sharing criteria DeviceA link aggregation load sharing mode...

Page 69: ...nable traffic to be load shared across aggregation group member ports based on source and destination MAC addresses Figure 15 Network diagram Configuration procedure 1 Configure Device A Create VLAN 1...

Page 70: ...aggregation load sharing mode source mac destination mac 2 Configure Device B in the same way as you configure Device A 3 Verify the configurations Display summary information about all aggregation g...

Page 71: ...ggregation1 ip address 192 168 1 1 24 DeviceA Route Aggregation1 quit Assign Layer 3 Ethernet interfaces Ethernet 1 0 1 through Ethernet 1 0 3 to aggregation group 1 DeviceA interface ethernet 1 0 1 D...

Page 72: ...ure 17 Device A and Device B are connected by their Layer 3 Ethernet interfaces Ethernet 1 0 1 through Ethernet 1 0 3 Configure a Layer 3 dynamic aggregation group on both Device A and Device B and co...

Page 73: ...ation groups on Device A DeviceA display link aggregation summary Aggregation Interface Type BAGG Bridge Aggregation RAGG Route Aggregation Aggregation Mode S Static D Dynamic Loadsharing Type Shar Lo...

Page 74: ...p Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter Ethernet interface view interface interface type interface number Enter Layer 2 aggregate interfac...

Page 75: ...gram Configuration procedure Add ports Ethernet 1 0 1 Ethernet 1 0 2 and Ethernet 1 0 3 to the isolation group Device system view Device interface ethernet 1 0 1 Device Ethernet1 0 1 port isolate enab...

Page 76: ...ols derived from that protocol STP protocol packets STP uses bridge protocol data units BPDUs also known as configuration messages as its protocol packets STP enabled network devices exchange BPDUs to...

Page 77: ...orts Classification Designated bridge Designated port For a device Device directly connected with the local device and responsible for forwarding BPDUs to the local device Port through which the desig...

Page 78: ...on BPDU and the path cost of the root port the device calculates a designated port configuration BPDU for each of the other ports The root bridge ID is replaced with that of the configuration BPDU of...

Page 79: ...oot path cost in a configuration BPDU plus the path cost of a receiving port is S The configuration BPDU with the smallest S value has the highest priority If all configuration BPDUs have the same por...

Page 80: ...uration BPDU of any port and starts to periodically send configuration BPDUs Port A1 0 0 0 Port A1 Port A2 0 0 0 Port A2 Device B Port B1 receives the configuration BPDU of Port A1 0 0 0 Port A1 finds...

Page 81: ...ing configuration BPDU 0 10 2 Port C2 and updates its configuration BPDU Port C1 receives a periodic configuration BPDU 0 0 0 Port A2 from Port A2 finds that it is the same as the existing configurati...

Page 82: ...blish a new path to restore the network connectivity However the newly calculated configuration BPDU cannot be propagated throughout the network immediately so the old root ports and designated ports...

Page 83: ...ee PVST allows each VLAN to build a separate spanning tree PVST uses the following BPDUs STP BPDUs Sent by access ports according to the VLAN status or by trunk ports and hybrid ports according to the...

Page 84: ...proliferation and endless cycling of packets in a loop network In addition it supports load balancing of VLAN data by providing multiple redundant paths for data forwarding MSTP basic concepts Figure...

Page 85: ...ach spanning tree is referred to as a multiple spanning tree instance MSTI In Figure 23 MST region 3 comprises three MSTIs MSTI 1 MSTI 2 and MSTI 0 VLAN to instance mapping table As an attribute of an...

Page 86: ...ed on the topology different spanning trees in an MST region might have different regional roots For example in MST region 3 in Figure 23 the regional root of MSTI 1 is Device B the regional root of M...

Page 87: ...er port on the other MSTIs Boundary port Connects an MST region to another MST region or to an STP RSTP running device In MSTP calculation a boundary port s role on an MSTI is consistent with its role...

Page 88: ...different MSTIs for different VLANs based on the VLAN to instance mappings For each spanning tree MSTP performs a separate calculation process similar to spanning tree calculation in STP For more info...

Page 89: ...n an aggregation member port can take effect only after the port is removed from the aggregation group After you enable a spanning tree protocol on a Layer 2 aggregate interface the system performs sp...

Page 90: ...the root bridge Setting the spanning tree mode Required Configure the device to operate in RSTP mode Configuring the root bridge or a secondary root bridge Optional Configuring the device priority Opt...

Page 91: ...nning tree mode Required Configure the device to operate in PVST mode Configuring the root bridge or a secondary root bridge Optional Configuring the device priority Optional Configuring the network d...

Page 92: ...e priority Optional Configuring the maximum hops of an MST region Optional Configuring the network diameter of a switched network Optional Configuring spanning tree timers Optional Configuring the tim...

Page 93: ...mode does not transit to the RSTP mode when receiving RSTP BPDUs from the peer device PVST mode The device sends PVST BPDUs through all ports and maintains a spanning tree for each VLAN The number of...

Page 94: ...tomatically maps VLANs to MSTIs and supports more MSTIs than in MSTP mode When you change the spanning tree mode from PVST to MSTP exceeding VLAN to instance mappings arranged in ascending order of MS...

Page 95: ...he primary root bridge However if you specify a new primary root bridge for the instance then the one you specify not the secondary root bridge will become the root bridge If you have specified multip...

Page 96: ...cted as the root bridge of a spanning tree A lower numeric value indicates a higher priority You can set the priority of a device to a low value to specify the device as the root bridge of the spannin...

Page 97: ...optimal hello time forward delay and max age for the device To configure the network diameter of a switched network Step Command Remarks 1 Enter system view system view N A 2 Configure the network di...

Page 98: ...ated to the network diameter of the switched network The larger the network diameter is the longer the forward delay time should be If the forward delay timer is too short temporary redundant paths mi...

Page 99: ...ve a BPDU from the upstream device because the upstream device is busy If a spanning tree calculation occurs the calculation can fail and also waste network resources In a stable network you can preve...

Page 100: ...ceives a BPDU from another port To restore the edge port re enable it If a port directly connects to a user terminal configure it as an edge port and enable BPDU guard for it This enables the port to...

Page 101: ...rts based on a private standard Table 14 shows the mappings between the link speed and the path cost Table 14 Mappings between the link speed and the path cost Link speed Port type Path cost IEEE 802...

Page 102: ...takes the smallest value As a result the forwarding path selected might not be optimal To solve this problem use dot1t as the standard for default path cost calculation or manually set the path cost f...

Page 103: ...ernet 1 0 3 Sysname Ethernet1 0 3 stp vlan 20 to 30 cost 2000 Configuring the port priority When the priority of a port changes MSTP re calculates the role of the port and initiates a state transition...

Page 104: ...stp point to point force false or stp point to point force true command configured on a port in MSTP or PVST mode takes effect on all MSTIs or VLANs If the physical link to which the port connects is...

Page 105: ...protection Ports disabled in this way can be re activated after a detection interval For more information about the detection interval see Fundamentals Configuration Guide To configure the MSTP packe...

Page 106: ...RSTP MSTP mode In STP RSTP MSTP mode make sure that the spanning tree feature is enabled globally and on the desired ports To enable the spanning tree feature in STP RSTP MSTP mode Step Command Remark...

Page 107: ...the MSTP RSTP or PVST mode Suppose Device A running STP Device B with no spanning tree feature enabled and Device C running MSTP RSTP or PVST are connected in order Device B will transparently transm...

Page 108: ...t Snooping make sure that associated devices of different vendors are connected and run spanning tree protocols With digest snooping enabled in the same region verification does not require comparison...

Page 109: ...Disabled by default Digest Snooping configuration example Network requirements As shown in Figure 25 Device A and Device B connect to Device C which is a third party device All these devices are in t...

Page 110: ...t by designated ports to request rapid transition Agreement Used to acknowledge rapid transition requests Both RSTP and MSTP devices can perform rapid transition on a designated port only when the por...

Page 111: ...able the designated port of the upstream device to transit its state rapidly Configuration prerequisites Before you configure the No Agreement Check function complete the following tasks Connect a dev...

Page 112: ...net 1 0 1 of Device A DeviceA system view DeviceA interface ethernet 1 0 1 DeviceA Ethernet1 0 1 stp no agreement check Configuring TC snooping Figure 29 shows a topology change TC snooping applicatio...

Page 113: ...eature before enable TC snooping TC snooping does not take effect on the ports on which BPDU tunneling is enabled for spanning tree protocols For more information about BPDU tunneling see Configuring...

Page 114: ...pback testing see Configuring Ethernet interfaces Enabling root guard The root bridge and secondary root bridge of a spanning tree should be located in the same MST region Especially for the CIST the...

Page 115: ...orwarding state resulting in loops in the switched network The loop guard function can suppress the occurrence of such loops The initial state of a loop guard enabled port is discarding in every MSTI...

Page 116: ...10 seconds stp tc protection threshold number Optional 6 by default NOTE H3C does not recommend you disable this feature Enabling BPDU drop In a spanning tree network after receiving BPDUs the device...

Page 117: ...instance instance id vlan vlan id interface interface list slot slot number brief begin exclude include regular expression Available in any view Display the MST region configuration information that h...

Page 118: ...T region as 0 DeviceA system view DeviceA stp region configuration DeviceA mst region region name example DeviceA mst region instance 1 vlan 10 DeviceA mst region instance 3 vlan 30 DeviceA mst region...

Page 119: ...t region instance 1 vlan 10 DeviceC mst region instance 3 vlan 30 DeviceC mst region instance 4 vlan 40 DeviceC mst region revision level 0 Activate MST region configuration DeviceC mst region active...

Page 120: ...1 0 1 DESI FORWARDING NONE 0 Ethernet1 0 2 DESI FORWARDING NONE 0 Ethernet1 0 3 DESI FORWARDING NONE 1 Ethernet1 0 2 DESI FORWARDING NONE 1 Ethernet1 0 3 ROOT FORWARDING NONE 3 Ethernet1 0 1 DESI FORW...

Page 121: ...forwarded along different spanning trees VLAN 10 VLAN 20 and VLAN 30 are terminated on the distribution layer devices and VLAN 40 is terminated on the access layer devices The root bridge of VLAN 10 a...

Page 122: ...iew DeviceB stp mode pvst Specify the device as the root bridge of VLAN 30 DeviceB stp vlan 30 root primary Enable the spanning tree feature globally and for VLANs 10 20 and 30 DeviceB stp enable Devi...

Page 123: ...T FORWARDING NONE 30 Ethernet1 0 1 DESI FORWARDING NONE 30 Ethernet1 0 3 DESI FORWARDING NONE Display brief spanning tree information on Device C DeviceC display stp brief VLAN Port Role STP State Pro...

Page 124: ...109 Figure 33 Spanning trees mapped to different VLANs...

Page 125: ...r the packet is from the user network or the service provider network and must deliver the packet to the CPU for processing In this case the Layer 2 protocol calculation in User A s network is mixed w...

Page 126: ...es at that side of the customer network send BPDUs to devices on the other side of the customer network to ensure consistent spanning tree calculation in the entire customer network However because BP...

Page 127: ...cast MAC address for example In the service provider network the modified BPDU is forwarded as a data packet in the VLAN assigned to User A 2 At the egress of the service provider network PE 2 recogni...

Page 128: ...ernet interface view or port group view Step Command Remarks 1 Enter system view system view N A 2 Enter Ethernet interface view or port group view Enter Layer 2 Ethernet interface view interface inte...

Page 129: ...the geographically dispersed network of User A PE 1 and PE 2 are edge devices on the service provider network All ports that connect service provider devices and customer devices are access ports and...

Page 130: ...nd then enable BPDU tunneling for STP on it PE2 Ethernet1 0 2 undo stp enable PE2 Ethernet1 0 2 bpdu tunnel dot1q stp BPDU tunneling for PVST configuration example Network requirements As shown in Fig...

Page 131: ...E1 Ethernet1 0 1 undo stp enable PE1 Ethernet1 0 1 bpdu tunnel dot1q stp PE1 Ethernet1 0 1 bpdu tunnel dot1q pvst 2 Configure PE 2 Configure the destination multicast MAC address for BPDUs as 0x0100 0...

Page 132: ...locations VLAN technology delivers the following benefits 1 Confining broadcast traffic within individual VLANs This reduces bandwidth waste and improves network performance 2 Improving LAN security...

Page 133: ...r a received frame carries a VLAN tag by checking the TPID value When the TPID value of a frame is the configured value or 0x8100 the frame is considered as a VLAN tagged frame For information about c...

Page 134: ...ed You cannot manually create or remove VLANs reserved for special purposes To delete a protocol reserved VLAN voice VLAN management VLAN dynamic VLAN VLAN with a QoS policy applied control VLAN for a...

Page 135: ...itial settings are used and no VLAN interface exists on the device When the device starts up with the default configuration file the software default settings are used and VLAN interface 1 exists on t...

Page 136: ...s shown in Figure 41 PC A is assigned to VLAN 5 PC B is assigned to VLAN 10 The PCs belong to different IP subnets and cannot communicate with each other Configure VLAN interfaces on Switch A and conf...

Page 137: ...ure the link type of a port as access trunk or hybrid The link types use the following VLAN tag handling methods An access port belongs to only one VLAN and sends traffic untagged It is usually used t...

Page 138: ...g Receives the frame if its VLAN ID is the same as the PVID Drops the frame if its VLAN ID is different from the PVID Removes the VLAN tag and sends the frame Trunk Checks whether the PVID is permitte...

Page 139: ...gregate interface and its aggregation member ports If the system fails to apply the configuration to the aggregate interface it stops applying the configuration to aggregation member ports If the syst...

Page 140: ...moves to the next member port 3 Configure the link type of the ports as trunk port link type trunk By default all ports are access ports To change the link type of a port from trunk to hybrid or vice...

Page 141: ...e to access first 4 Assign the hybrid ports to the specified VLANs port hybrid vlan vlan list tagged untagged By default a hybrid port allows only packets of VLAN 1 to pass through untagged 5 Configur...

Page 142: ...0 3 port trunk permit vlan 100 200 Please wait Done 2 Configure Device B as you configure Device A 3 Configure Host A and Host C to be on the same IP subnet 192 168 100 0 24 for example Configure Hos...

Page 143: ...atch a The device first performs a fuzzy match In the fuzzy match the device searches the MAC address to VLAN entries whose masks are not all Fs and performs a logical AND operation on the source MAC...

Page 144: ...as follows If the source MAC address of the frame exactly matches a MAC address to VLAN entry configured on the port the port checks whether the VLAN ID of the frame is the same as the VLAN in the MA...

Page 145: ...d VLAN assignment enabled packets are delivered to the CPU for processing The packet processing mode has the highest priority and overrides the configuration of MAC learning limit and disabling of MAC...

Page 146: ...onfigure the hybrid ports to permit packets from specific MAC based VLANs to pass through port hybrid vlan vlan list tagged untagged By default a hybrid port only permits the packets from VLAN 1 to pa...

Page 147: ...By default when a port receives a packet with an unknown source MAC address that does not match to any MAC address to VLAN entry it forwards the packet in its PVID To configure dynamic MAC based VLAN...

Page 148: ...Configuration consideration Create VLANs 100 and 200 Configure the uplink ports of Device A and Device C as trunk ports and assign them to VLANs 100 and 200 Configure the downlink ports of Device B as...

Page 149: ...it to VLANs 100 and 200 DeviceA interface ethernet 1 0 2 DeviceA Ethernet1 0 2 port link type trunk DeviceA Ethernet1 0 2 port trunk permit vlan 100 200 DeviceA Ethernet1 0 2 quit 2 Configure Device B...

Page 150: ...SNAP A protocol template defines a protocol type and an encapsulation format A protocol based VLAN ID and a protocol index combined can uniquely identify a protocol template You can assign multiple pr...

Page 151: ...quit N A 5 Enter interface view or port group view Enter Layer 2 Ethernet interface view interface interface type interface number Enter Layer 2 aggregate interface view interface bridge aggregation i...

Page 152: ...based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2 Configuration procedure 1 Configure Device Create VLAN 100 and assign port Ethernet 1 0 11 to VLAN 100 Device system view Device vlan 10...

Page 153: ...ease wait Done Device Ethernet1 0 2 port hybrid protocol vlan vlan 100 1 Device Ethernet1 0 2 port hybrid protocol vlan vlan 200 1 2 Keep the default settings of L2 Switch A and L2 Switch B 3 Configur...

Page 154: ...a received untagged packet to a VLAN based on the source address of the packet This feature is used to assign packets from the specified IP subnet or IP address to a specific VLAN Configuration proced...

Page 155: ...aggregation member ports If the system fails to apply the configuration to an aggregation member port it skips the port and moves to the next member port 6 Configure port link type as hybrid port lin...

Page 156: ...ceC vlan 200 DeviceC vlan200 ip subnet vlan ip 192 168 50 0 255 255 255 0 DeviceC vlan200 quit Configure interface Ethernet 1 0 1 1 to permit packets of VLAN 100 to pass through DeviceC interface ethe...

Page 157: ...based VLAN information on Ethernet 1 0 1 DeviceC display ip subnet vlan interface ethernet 1 0 1 Interface Ethernet1 0 1 VLAN ID Subnet Index IP ADDRESS NET MASK 100 0 192 168 5 0 255 255 255 0 200 0...

Page 158: ...AN information on specified interfaces display protocol vlan interface interface type interface number to interface type interface number all begin exclude include regular expression Available in any...

Page 159: ...IPv6 network enable local proxy ND on the VLAN interface so that the super VLAN can forward and process the Neighbor Solicitation NS messages and Neighbor Advertisement NA messages Configuration proc...

Page 160: ...for a port and vice versa For more information about guest VLANs see Security Configuration Guide You can configure Layer 2 multicast for a super VLAN but the configuration is ineffective You can con...

Page 161: ...nd Ethernet 1 0 5 and Ethernet 1 0 6 to VLAN 5 The sub VLANs are isolated at Layer 2 but connected at Layer 3 Figure 47 Network diagram Configuration procedure Create VLAN 10 and configure its VLAN in...

Page 162: ...lay information about VLAN 10 the super VLAN to verify the configuration Sysname display supervlan SuperVLAN ID 10 SubVLAN ID 2 3 5 VLAN ID 10 VLAN Type static It is a Super VLAN Route Interface confi...

Page 163: ...d Ports none Untagged Ports Ethernet1 0 3 Ethernet1 0 4 VLAN ID 5 VLAN Type static It is a Sub VLAN Route Interface configured IPv4 Address 10 0 0 1 IPv4 Subnet Mask 255 255 255 0 Description VLAN 000...

Page 164: ...d with the same isolate user VLAN you can enable local proxy ARP on the upstream device for example Device A in Figure 48 to realize Layer 3 communication between the secondary VLANs As shown in Figur...

Page 165: ...e information about the service loopback group see Configuring service loopback groups Configuration procedure To configure an isolate user VLAN Step Command Remarks 1 Enter system view system view N...

Page 166: ...interface type interface number Or interface bridge aggregation interface number b Configure the link type of the port port link type access hybrid trunk c Assign the downlink port to the secondary V...

Page 167: ...0 3 to VLAN 3 and Ethernet 1 0 4 to VLAN 4 As far as Device A is concerned Device B only has VLAN 5 and Device C only has VLAN 6 Figure 49 Network diagram Configuration procedure The following part p...

Page 168: ...Configure the uplink port Ethernet 1 0 5 to operate in promiscuous mode in VLAN 6 DeviceC interface ethernet 1 0 5 DeviceC Ethernet1 0 5 port isolate user vlan 6 promiscuous DeviceC Ethernet1 0 5 qui...

Page 169: ...AN type secondary Route Interface not configured Description VLAN 0002 Name VLAN 0002 Tagged Ports none Untagged Ports Ethernet1 0 2 Ethernet1 0 5 VLAN ID 3 VLAN Type static Isolate user VLAN type sec...

Page 170: ...dresses A device determines whether a received packet is a voice packet by evaluating its source MAC address A packet whose source MAC address complies with the Organizationally Unique Identifier OUI...

Page 171: ...When an IP phone supports CDP rather than LLDP you can configure CDP compatibility to enable the device to advertise the voice VLAN information to IP phones through the CDP packets For more informatio...

Page 172: ...y connected to the device This connection method applies when the IP phone sends out untagged voice packets In this case you must configure the voice VLAN as the PVID of the port and configure the por...

Page 173: ...ice VLAN assignment modes and IP phones Both modes forward tagged packets sent out of IP phones according to their tags Some IP phones can send out VLAN tagged packets and some IP phones can send out...

Page 174: ...ering mechanisms voice VLAN enabled ports operate in the following modes Normal mode Voice VLAN enabled ports receive packets that carry the voice VLAN tag and forward packets in the voice VLAN withou...

Page 175: ...LAN on the interface If the configuration order is reversed your priority configuration will fail For more information see Configuring QoS priority settings for voice traffic on an interface Configure...

Page 176: ...as both a protocol based VLAN and a voice VLAN For more information see Configuring VLANs Do not configure automatic voice VLAN assignment together with MSTP because the former is mainly configured on...

Page 177: ...8 Enable the voice VLAN feature voice vlan vlan id enable By default the voice VLAN feature is disabled Configuring a port to operate in manual voice VLAN assignment mode Configuration restrictions an...

Page 178: ...to automatically discover IP phones In a traditional voice VLAN network the switch maps the source MAC addresses of IP phones to a limited number of OUI addresses to allow them to access the network T...

Page 179: ...abled IP phones For more information about CDP compatibility see Configuring LLDP Configuration guidelines By default if the voice VLAN feature is configured on an LLDP enabled port LLDP advertises th...

Page 180: ...for LLDP enabled IP phones If 802 1X authentication is used make sure the IP phones also support 802 1X authentication To implement this function for an IP phone perform the following configuration t...

Page 181: ...ate begin exclude include regular expression Available in any view Display the OUI addresses that the system supports display voice vlan oui begin exclude include regular expression Available in any v...

Page 182: ...1 1 2200 0000 In this way Device A identifies packets whose MAC addresses match any of the configured OUI addresses as voice packets DeviceA voice vlan mac address 0011 1100 0001 mask ffff ff00 0000 d...

Page 183: ...one Display the states of voice VLANs DeviceA display voice vlan state Maximum of Voice VLANs 128 Current Voice VLANs 2 Voice VLAN security mode Security Voice VLAN aging time 30 minutes Voice VLAN en...

Page 184: ...hybrid Configure the voice VLAN VLAN 2 as the PVID of Ethernet 1 0 1 and configure Ethernet 1 0 1 to permit the voice traffic of VLAN 2 to pass through untagged DeviceA Ethernet1 0 1 port hybrid pvid...

Page 185: ...eviceA display voice vlan state Maximum of Voice VLANs 128 Current Voice VLANs 1 Voice VLAN security mode Security Voice VLAN aging time 1440 minutes Voice VLAN enabled port and its mode PORT VLAN MOD...

Page 186: ...application GVRP for example is a GARP participant GARP enables GARP participants to propagate attribute values throughout the switched LAN As shown in Figure 57 a GARP participant registers and dereg...

Page 187: ...ibute value changes or a Join or Leave message arrives the GARP participant does not send the message immediately Rather it assembles Join and Leave messages in the least number of GARP PDUs and sends...

Page 188: ...esets its LeaveAll timer GARP PDU format Figure 58 GARP PDU format As shown in Figure 58 GARP PDUs are encapsulated in IEEE 802 3 Ethernet frames Table 19 GARP PDU fields Field Description Value Proto...

Page 189: ...hes in a LAN maintain the same VLAN information The VLAN information propagated by GVRP includes not only manually configured static VLAN information but also dynamic VLAN information from other switc...

Page 190: ...ST cannot receive or send GVRP packets For more information about STP RSTP MSTP CIST and PVST see Configuring spanning tree protocols Do not enable both GVRP and remote port mirroring Otherwise GVRP m...

Page 191: ...mer garp timer leaveall timer value Optional 1000 centiseconds by default The LeaveAll timer applies to all ports 3 Enter Ethernet interface view Layer 2 aggregate interface view or port group view En...

Page 192: ...ar expression Available in any view Display the local VLAN information that GVRP maintains on ports display gvrp local vlan interface interface type interface number begin exclude include regular expr...

Page 193: ...1 0 1 quit Create VLAN 2 a static VLAN DeviceA vlan 2 DeviceA vlan2 quit 2 Configure Device B Enable GVRP globally DeviceB system view DeviceB gvrp Configure port Ethernet 1 0 1 as a trunk port and as...

Page 194: ...hrough their ports Ethernet 1 0 1 Enable GVRP and configure the fixed registration mode on ports to enable the registration and deregistration of static VLAN information between the two devices Figure...

Page 195: ...VLAN information of VLAN 2 on the local device are registered through GVRP but dynamic VLAN information of VLAN 3 on Device B is not Display the local VLAN information that GVRP maintains on port Eth...

Page 196: ...net1 0 1 gvrp registration forbidden DeviceB Ethernet1 0 1 quit Create VLAN 3 a static VLAN DeviceB vlan 3 DeviceB vlan3 quit 3 Verify the configuration Use the display gvrp local vlan command to disp...

Page 197: ...ve multiple CVLANs Background and benefits The IEEE 802 1Q VLAN tag uses 12 bits for VLAN IDs A device supports a maximum of 4094 VLANs This is far from enough for isolating users in actual networks e...

Page 198: ...and traffic from different customers can be identified separately The double tagged Ethernet frame is then transmitted over the service provider network and arrives at the other PE The PE removes the...

Page 199: ...dition to all the functions of basic QinQ selective QinQ enables a port to perform the following per CVLAN actions for incoming frames Tag frames from different CVLANs with different SVLAN tags Mark t...

Page 200: ...bled port tags an incoming packet with its PVID tag To enable basic QinQ Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter Layer 2 Ethernet inter...

Page 201: ...her command 5 Enable basic QinQ on the ports qinq enable By default basic QinQ is disabled on ports 6 Configure VLAN transparent transmission on the ports qinq transparent vlan vlan list By default VL...

Page 202: ...higher priority than basic QinQ A received frame is tagged with an outer VLAN ID based on basic QinQ only after it fails to match the match criteria defined in the traffic class Configuring an inner o...

Page 203: ...ifier name behavior behavior name N A 10 Return to system view quit N A 11 Enter Ethernet interface view or port group view of the customer network side port Enter Ethernet interface view interface in...

Page 204: ...group manual port group name Use either command 13 Apply the QoS policy to the outgoing traffic qos apply policy policy name outbound N A Configuring the TPID value in VLAN tags Tag Protocol Identifi...

Page 205: ...t interface view or Layer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name N A 3 Configure the SVLAN TPID qinq ethernet type...

Page 206: ...E1 Ethernet1 0 1 port trunk permit vlan 100 Configure VLAN 100 as the PVID for the port PE1 Ethernet1 0 1 port trunk pvid vlan 100 Enable basic QinQ on the port PE1 Ethernet1 0 1 qinq enable PE1 Ether...

Page 207: ...PE2 Ethernet1 0 1 quit Configure Ethernet 1 0 2 Configure Ethernet 1 0 2 as a trunk port and assign it to VLAN 100 and VLAN 200 PE2 interface ethernet 1 0 2 PE2 Ethernet1 0 2 port link type trunk PE2...

Page 208: ...ags added Figure 65 Network diagram Configuration procedure IMPORTANT Make sure that you have configured the switches in the service provider network to allow QinQ packets to pass through 1 Configure...

Page 209: ...1 0 2 PE2 Ethernet1 0 2 port link type trunk PE2 Ethernet1 0 2 port trunk permit vlan 10 to 50 Set the TPID value in the outer VLAN tag to 0x8200 on the port PE2 Ethernet1 0 2 qinq ethernet type serv...

Page 210: ...ntagged PE1 Ethernet1 0 1 quit Create class A10 and configure the class to match frames from Site 1 with CVLAN 10 PE1 traffic classifier A10 PE1 classifier A10 if match customer vlan id 10 PE1 classif...

Page 211: ...hernet type service tag 8200 PE1 Ethernet1 0 2 quit 2 Configure PE 2 Configure Ethernet 1 0 1 Configure Ethernet 1 0 1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagg...

Page 212: ...tags to 0x8200 PE2 Ethernet1 0 2 qinq ethernet type service tag 8200 PE2 Ethernet1 0 2 quit 3 On the third party devices between PE 1 and PE 2 configure the port that connects to PE 1 and that connec...

Page 213: ...200 untagged PE1 Ethernet1 0 1 quit Create class A10 and configure the class to match frames with CVLAN 10 PE1 traffic classifier A10 PE1 classifier A10 if match customer vlan id 10 PE1 classifier A10...

Page 214: ...classifier A100 if match customer vlan id 10 PE1 classifier A100 if match service vlan id 100 PE1 classifier A100 quit Configure traffic behavior T100 to mark matching packets with CVLAN 30 PE1 traff...

Page 215: ...00 and add the action of inserting outer VLAN tag 200 PE2 traffic classifier A40 PE2 classifier A40 if match customer vlan id 40 PE2 classifier A40 quit PE2 traffic behavior P200 PE2 behavior P200 nes...

Page 216: ...PE2 behavior T200 remark customer vlan id 20 PE2 behavior T200 quit Create a QoS policy named sqinq associate traffic class A100 with traffic behavior T100 and associate traffic class A200 with traff...

Page 217: ...from different VLANs to regulate the aggregate traffic as a whole Many to one VLAN mapping is usually used together with one to one VLAN mapping Two to two VLAN mapping Replaces the outer and inner VL...

Page 218: ...to two VLAN mapping Figure 69 shows a typical application scenario in which two remote sites of VPN A Site 1 and Site 2 must communicate across two SP networks SP 1 and SP 2 VLAN 101 102 VLAN 501 VLAN...

Page 219: ...in VLAN 3 PE 3 also replaces the inner tag VLAN 2 of the packet with VLAN 3 This process is two to two VLAN mapping 3 When PE 4 receives the packet with the new VLAN tag pair it removes the outer VLA...

Page 220: ...er side port through the following configurations as shown in Figure 71 Apply an uplink policy to the incoming traffic mapping each CVLAN ID to a unique SVLAN ID When a packet arrives the switch repla...

Page 221: ...CVLAN For downlink traffic apply an outbound policy on the customer side port to replace the double tags with the original VLAN tag pair Figure 73 Two to two VLAN mapping implementation VLAN mapping...

Page 222: ...y to map each CVLAN to a unique SVLAN Step Command Remarks 1 Enter system view system view N A 2 Create a class and enter class view traffic classifier tcl name operator and or Repeat these steps to c...

Page 223: ...t Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter Layer 2 Ethernet interface view interface interface type interface number Enter port group vi...

Page 224: ...gged member port hybrid vlan vlan list tagged Use one of the commands By default A trunk port is assigned only to VLAN 1 A hybrid port is an untagged member of VLAN 1 Configuring many to one VLAN mapp...

Page 225: ...VLAN attributes of ARP packets which is impossible under the normal ARP packet processing procedure For more information about ARP detection see Security Configuration Guide To enable ARP detection i...

Page 226: ...rst To configure the customer side port Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter Layer 2 Ethernet interface view interface interface typ...

Page 227: ...snooping trusted port dhcp snooping trust By default all ports are DHCP snooping untrusted ports 6 Configure the port as an ARP trusted port arp detection trust By default all ports are ARP untrusted...

Page 228: ...steps to create one class for each foreign CVLAN and SVLAN pair 3 Specify a foreign CVLAN as a match criterion if match customer vlan id vlan id 4 Specify a foreign SVLAN as a match criterion if match...

Page 229: ...a downlink policy for the customer side port The downlink policy on the customer side port replaces local SVLAN and CVLAN pairs with foreign SVLAN and CVLAN pairs To configure a downlink policy for t...

Page 230: ...rnet port is access 4 Assign the port to all SVLANs Assign the trunk port to VLANs port trunk permit vlan vlan list all Assign the hybrid port to VLANs as a tagged member port hybrid vlan vlan list ta...

Page 231: ...n Figure 74 Each home is offered PC VoD and VoIP services connects to a wiring closet switch through the home gateway and obtains the IP address through DHCP VLAN 1 is assigned for PC traffic VLAN 2 i...

Page 232: ...he SVLANs SwitchA system view SwitchA vlan 2 to 3 SwitchA vlan 101 to 102 SwitchA vlan 201 to 202 SwitchA vlan 301 to 302 Configure uplink policies p1 and p2 to enable one SVLAN to transmit one servic...

Page 233: ...cy p1 quit SwitchA qos policy p2 SwitchA policy p2 classifier c1 behavior b4 SwitchA policy p2 classifier c2 behavior b5 SwitchA policy p2 classifier c3 behavior b6 SwitchA policy p2 quit Configure do...

Page 234: ...0 1 quit Assign customer side port Ethernet 1 0 2 to CVLANs 1 to 3 and SVLANs 102 202 and 302 enable basic QinQ and apply uplink policy p2 to the incoming traffic and downlink policy p22 to the outgoi...

Page 235: ...enable one SVLAN to transmit the same type of traffic from different customers SwitchC traffic classifier c1 SwitchC classifier c1 if match customer vlan id 101 to 102 SwitchC classifier c1 traffic c...

Page 236: ...witchC Ethernet1 0 1 quit Assign customer side port Ethernet 1 0 2 to CVLANs 103 203 303 104 204 304 and SVLANs 501 to 503 On this port also enable customer side QinQ and apply uplink policy p2 to the...

Page 237: ...e traffic tagged with VLAN 10 PE1 system view PE1 interface ethernet 1 0 1 PE1 Ethernet1 0 1 port access vlan 100 PE1 Ethernet1 0 1 qinq enable PE1 Ethernet1 0 1 quit Configure the uplink port Etherne...

Page 238: ...mer vlan id 10 PE3 behavior down_downlink remark service vlan id 100 PE3 behavior down_downlink quit PE3 qos policy down_downlink PE3 qospolicy down_downlink classifier down_downlink behavior down_dow...

Page 239: ...licy up_uplink outbound PE3 Ethernet1 0 2 quit 4 Configure PE 4 Configure QinQ function on Ethernet 1 0 2 to add outer VLAN tag 200 to the traffic tagged with VLAN 30 DeviceD system view DeviceD inter...

Page 240: ...a Units LLDPDUs to the directly connected devices At the same time the device stores the device information received in LLDPDUs sent from the LLDP neighbors in a standard management information base M...

Page 241: ...s MAC address to which the LLDPDU is advertised It is fixed at 0x0180 C200 000E a multicast MAC address Source MAC address MAC address of the sending port Type SNAP type for the upper layer protocol I...

Page 242: ...AC address of the sending port If the LLDPDU carries no LLDP MED TLVs the port ID TLV carries the port name Time To Live Specifies the life of the transmitted information on the receiving device End o...

Page 243: ...the aggregation status whether the link is in an aggregation Maximum Frame Size Indicates the supported maximum frame size It is now the maximum transmission unit MTU of the port Power Stateful Contr...

Page 244: ...gement address TLV encapsulates the management address How LLDP works Operating modes of LLDP LLDP can operate in one of the following modes TxRx mode A port in this mode sends and receives LLDPDUs Tx...

Page 245: ...ted configurations made in Layer 2 Layer 3 Ethernet interface view take effect only on the current port and those made in port group view take effect on all ports in the current port group The term La...

Page 246: ...LDPDUs To set the LLDP operating mode Step Command Remarks 1 Enter system view system view N A 2 Enter Ethernet interface view or port group view Enter Layer 2 Layer 3 Ethernet interface view interfac...

Page 247: ...se either command 3 Configure the advertisable TLVs Layer 2 Ethernet interface view or port group view lldp tlv enable basic tlv all port description system capability system description system name d...

Page 248: ...gement address tlv ip address Optional By default the management address is sent through LLDPDUs For a Layer 2 Ethernet port the management address is the main IP address of the lowest ID VLAN carried...

Page 249: ...nsmit interval lldp timer tx interval interval Optional 30 seconds by default 4 Set the LLDPDU transmit delay lldp timer tx delay delay Optional 2 seconds by default 5 Set the number of LLDPDUs sent e...

Page 250: ...that the switch sends to the neighboring CDP device carry the fields in Table 27 Table 27 Fields in CDP packets Field Description Device ID Device ID which is the bridge MAC address of the device Add...

Page 251: ...VLAN Configuration prerequisites Before you configure CDP compatibility complete the following tasks Globally enable LLDP Enable LLDP on the port connecting to a device supporting CDP and configure t...

Page 252: ...Disabled by default 4 Return to system view quit N A 5 Set the LLDP trap transmit interval lldp timer notification interval interval Optional 5 seconds by default Displaying and maintaining LLDP Task...

Page 253: ...ween Switch A and Switch B and the link between Switch A and the MED device on the NMS Figure 79 Network diagram Configuration procedure 1 Configure Switch A Enable LLDP globally SwitchA system view S...

Page 254: ...delay 2s Trap interval 5s Fast start times 3 Port 1 Ethernet1 0 1 Port status of LLDP Enable Admin status Rx_Only Trap flag No Polling interval 0s Number of neighbors 1 Number of MED neighbors 1 Numbe...

Page 255: ...status of LLDP Enable Admin status Rx_Only Trap flag No Polling interval 0s Number of neighbors 0 Number of MED neighbors 0 Number of CDP neighbors 0 Number of sent optional TLV 0 Number of received...

Page 256: ...p compliance cdp Enable LLDP you can skip this step because LLDP is enabled on ports by default configure LLDP to operate in TxRx mode and configure CDP compatible LLDP to operate in TxRx mode on Ethe...

Page 257: ...CDP neighbor index 2 Chassis ID SEP00141CBCDBFF Port ID Port 1 Sofrware version P0030301MFG2 Platform Cisco IP Phone 7960 Duplex Full As the sample output shows Switch A has discovered the IP phones...

Page 258: ...e following The port supports the services type or types of the service loopback group The port is not configured with multiple spanning tree protocol MSTP Link Layer Discovery Protocol LLDP Neighbor...

Page 259: ...he change to be successful make sure that the service group has not been referenced the attributes of all member ports if any do not conflict with the target service type and no service loopback group...

Page 260: ...ice loopback group to increase bandwidth and achieve load sharing for tunnel traffic Configuration procedure Create service loopback group 1 and specify the service type as tunnel unicast tunnel servi...

Page 261: ...able DeviceA Ethernet1 0 3 port service loopback group 1 DeviceA Ethernet1 0 3 quit Create logical interface Tunnel 1 and reference service loopback group 1 on Tunnel 1 DeviceA interface tunnel 1 Devi...

Page 262: ...following benefits over GVRP GVRP does not support the multiple spanning tree instance MSTI MVRP runs on a per MSTI basis and implements per VLAN redundant link calculation and load sharing MVRP decre...

Page 263: ...for the VLAN attribute is a JoinEmpty message because the VLAN attribute is not registered JoinIn An MRP participant sends JoinIn messages to declare attribute values that it has registered For exampl...

Page 264: ...message MRP starts the Leave timer and deregisters the attributes if it does not receive any Join message for the attributes before the Leave timer expires When an MRP participant sends or receives L...

Page 265: ...e Optional Configuring MRP timers Optional Enabling GVRP compatibility Optional Configuration prerequisites Before configuring MVRP perform the following tasks Make sure that all MSTIs in the network...

Page 266: ...te interface view interface interface type interface number Enter port group view port group manual port group name Use one of the commands 4 Configure the port to permit the specified VLANs port trun...

Page 267: ...r Enter port group view port group manual port group name Use one of the commands 3 Configure the LeaveAll timer mrp timer leaveall timer value Optional The default setting is 1000 centiseconds 4 Conf...

Page 268: ...MVRP with GVRP compatibility enabled works with MSTP the network might operate improperly When GVRP compatibility is enabled for MVRP H3C recommends disabling the Period timer Otherwise the VLAN stat...

Page 269: ...tics interface interface list Available in user view Configuration example for MVRP in normal registration mode Network requirements As shown in Figure 83 configure MSTP map VLAN 10 to MSTI 1 map VLAN...

Page 270: ...region name example DeviceA mst region instance 1 vlan 10 DeviceA mst region instance 2 vlan 20 DeviceA mst region revision level 0 Manually activate the MST region configuration DeviceA mst region a...

Page 271: ...re it to permit all VLANs DeviceA interface ethernet 1 0 3 DeviceA Ethernet1 0 3 port link type trunk DeviceA Ethernet1 0 3 port trunk permit vlan all Enable MVRP on port Ethernet 1 0 3 DeviceA Ethern...

Page 272: ...t all VLANs DeviceB interface ethernet 1 0 3 DeviceB Ethernet1 0 3 port link type trunk DeviceB Ethernet1 0 3 port trunk permit vlan all Enable MVRP on port Ethernet 1 0 3 DeviceB Ethernet1 0 3 mvrp e...

Page 273: ...ion level DeviceD mst region region name example DeviceD mst region instance 1 vlan 10 DeviceD mst region instance 2 vlan 20 DeviceD mst region revision level 0 Manually activate the MST region config...

Page 274: ...onds LeaveAll Timer 1000 centiseconds Registration Type Normal Local VLANs 1 default Ethernet1 0 2 Config Status Enabled Running Status Enabled Join Timer 20 centiseconds Leave Timer 60 centiseconds P...

Page 275: ...nds Periodic Timer 100 centiseconds LeaveAll Timer 1000 centiseconds Registration Type Normal Local VLANs 1 default 10 Ethernet1 0 3 Config Status Enabled Running Status Enabled Join Timer 20 centisec...

Page 276: ...ernet 1 0 1 has learned VLAN 1 dynamic VLAN 10 created on Device A and dynamic VLAN 20 created on Device B through MVRP Port Ethernet1 0 2 has learned VLAN 1 and dynamic VLAN 20 created on Device B th...

Page 277: ...play the local MVRP VLAN information on Ethernet 1 0 3 DeviceB display mvrp running status interface ethernet 1 0 3 MVRP Global Info Global Status Enabled Compliance GVRP False Ethernet1 0 3 Config St...

Page 278: ...0 centiseconds LeaveAll Timer 1000 centiseconds Registration Type Fixed Local VLANs 1 default 10 The output shows that the dynamic VLAN information on Ethernet 1 0 3 is not changed after you set the M...

Page 279: ...9 Configuring MRP timers 252 Configuring No Agreement Check 95 Configuring one to one VLAN mapping 207 Configuring path costs of ports 85 Configuring port based VLANs 122 Configuring protection functi...

Page 280: ...net link aggregation configuration examples 52 Ethernet link aggregation configuration task list 40 G GVRP configuration examples 177 GVRP configuration task list 174 I IP phone access methods 157 Iso...

Page 281: ...266 VLAN mapping configuration examples 216 VLAN mapping configuration tasks 206 Voice VLAN configuration examples 166...

Reviews:

No comments

Related manuals for S3600V2 SERIES

D-Link Verizon DSL-2750B Setup Manual preview
Verizon DSL-2750B
Brand: D-Link Pages: 6
D-Link DIR-857 Quick Installation Manual preview
DIR-857
Brand: D-Link Pages: 10
D-Link DSL-2740U Quick Installation Manual preview
DSL-2740U
Brand: D-Link Pages: 38
TC Electronic DB6 User Manual preview
DB6
Brand: TC Electronic Pages: 174
F5 i5000 Series Platform Manual preview
i5000 Series
Brand: F5 Pages: 72
Vonets MINI300 Quick Setting Manual preview
MINI300
Brand: Vonets Pages: 8
Netopia 3346-ENT Getting Started Manual preview
3346-ENT
Brand: Netopia Pages: 38
Funkwerk TR 200 aw/ bw Operating Instructions preview
TR 200 aw/ bw
Brand: Funkwerk Pages: 2
AT&T Nighthawk M6 Pro Let'S Get Started preview
Nighthawk M6 Pro
Brand: AT&T Pages: 2
IBM J02M Quick Start Manual preview
J02M
Brand: IBM Pages: 32
Jetter JetWeb JX2-PR0FI1 Operator'S Manual preview
JetWeb JX2-PR0FI1
Brand: Jetter Pages: 67
RuggedCom RUGGEDSWITCH RS900G Hardware Installation Manual preview
RUGGEDSWITCH RS900G
Brand: RuggedCom Pages: 23
Delta Electronics DTE-20T Instruction Sheet preview
DTE-20T
Brand: Delta Electronics Pages: 1
TRENDnet TW-100 Specifications preview
TW-100
Brand: TRENDnet Pages: 2
Weidmuller IE-SW-VL16-14TX-2SC Hardware Installation Manual preview
IE-SW-VL16-14TX-2SC
Brand: Weidmuller Pages: 17
Speedtouch IPQoS Configuration Manual preview
IPQoS
Brand: Speedtouch Pages: 124
Far Tools MR 40PB Original Manual Translation preview
MR 40PB
Brand: Far Tools Pages: 24
ZyXEL Communications XS1920 Series User Manual preview
XS1920 Series
Brand: ZyXEL Communications Pages: 422

Brands by name

Popular brands

Load more brands